f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Status: finished

Submission Time: 2024-06-08 20:21:05 +02:00

Malicious

Trojan

Spyware

Evader

Mars Stealer, Stealc, Vidar

Comments

Details

Analysis ID:
1454088
API (Web) ID:
1454088
Analysis Started:

2024-06-08 20:21:05 +02:00
Analysis Finished:

2024-06-08 20:29:02 +02:00
MD5:
9c2b900d014ba5b9dfd0ca6cef201753
SHA1:
e5705841f68d9443ba5efb553aa9f87556e403e5
SHA256:
f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf317fab7b3e90281b5d05
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 25/72

malicious

Score: 19/24

malicious

IPs

IP	Country	Detection
23.88.106.134	United States

URLs

Name	Detection
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll
http://23.88.106.134/566d6e1ec8db6394/sqlite3.dll
http://23.88.106.134/566d6e1ec8db6394/mozglue.dll
Click to see the 49 hidden entries
http://23.88.106.134/566d6e1ec8db6394/msvcp140.dll
http://23.88.106
http://23.88.106.134/566d6e1ec8db6394/nss3.dll
http://23.88.106.134/6a9f8e2503d99c04.php
http://23.88.106.134
http://23.88.106.134/566d6e1ec8db6394/softokn3.dll
http://23.88.106.134/566d6e1ec8db6394/freebl3.dll
http://23.88.106.134/566d6e1ec8db6394/freebl3.dllYW
https://ac.ecosia.org/autocomplete?q=
https://www.ecosia.org/newtab/
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://23.88.106.134/6a9f8e2503d99c04.phpdus.wallet
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://mozilla.org0/
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
http://23.88.106.134/6a9f8e2503d99c04.php)
http://www.sqlite.org/copyright.html.
http://23.88.106.134/6a9f8e2503d99c04.phpcS
http://23.88.106.134/566d6e1ec8db6394/freebl3.dlleV
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll3x
http://23.88.106.134/566d6e1ec8db6394/vcruntime140.dll4
https://support.mozilla.org
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://23.88.106.134/6a9f8e2503d99c04.php6
http://23.88.106.134/566d6e1ec8db6394/nss3.dllpera
http://23.88.106.134/6a9f8e2503d99c04.phpwser
https://duckduckgo.com/chrome_newtab
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
http://23.88.106.134/566d6e1ec8db6394/softokn3.dllOV
https://duckduckgo.com/ac/?q=
http://23.88.106.134/6a9f8e2503d99c04.phpC
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
http://23.88.106.134/6a9f8e2503d99c04.php?S
http://23.88.106.134/566d6e1ec8db6394/nss3.dllj9
http://23.88.106.134/6a9f8e2503d99c04.phpm
http://www.mozilla.com/en-US/blocklist/
http://23.88.106.134/6a9f8e2503d99c04.phpiSS
http://23.88.106.134/6a9f8e2503d99c04.phppenSSH
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
http://23.88.106.134/566d6e1ec8db6394/mozglue.dllAV
http://23.88.106.134/6a9f8e2503d99c04.phpz
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
http://23.88.106.134/6a9f8e2503d99c04.php513e43049a24c4f8a56ff24fb86a0b
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
http://23.88.106.134/6a9f8e2503d99c04.phpition:
http://23.88.106.134/6a9f8e2503d99c04.phpGS
http://23.88.106.134y

Dropped files

Name	File Type	Hashes
C:\ProgramData\softokn3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\d3d9.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
Click to see the 20 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe.log	ASCII text, with CRLF line terminators	#
C:\ProgramData\nss3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\ProgramData\mozglue.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\ProgramData\freebl3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\ProgramData\msvcp140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\ProgramData\AFIIEBGCAAECBGCBGCBK	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	#
C:\ProgramData\vcruntime140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\ProgramData\KJJJJDHI	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\ProgramData\JEHIDHDAKJDHJKEBFIEHCAAEHD	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3	#
C:\ProgramData\ECAKKKKJDBKKFIEBKEHDGCAFCB	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\ProgramData\ECAKKKKJDBKKFIEBKEHD	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1	#
C:\ProgramData\BFHJECAA	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	data	#
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	data	#
C:\ProgramData\AFIIEBGCAAECBGCBGCBKEHIJEB	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	#

f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

Search started

f9e3368715092e6a197adf1ae64d6fbe059252b4fbaf3.exe